How to Hack a Sequoia Touch-Screen Voting Machine

Experts from CA's
'Top-to-Bottom Review' of E-Voting Systems Demonstrate How
to Insert Virus, Access Machines Without Disturbing
'Security Seals' in Hack Which Would Not Be Discovered Even
in 100% Audit of 'Paper Trails'

The Computer
Security Group at the University of California Santa Barbara
(UCSB) has released a short, chilling video
demonstrating how a single person can hack an election on a
touch-screen voting system --- even one with a so-called
"Voter Verifiable Paper Trail" (VVPAT) added to it --- in
such a way that it is highly unlikely that the manipulation
would ever be detected by either the public or election
officials.

The video which shows "just examples of the
different ways in which the system can be compromised" is
the latest in a similar string of such demonstrations that
have been released over the last two years, all showing how
easily electronic voting systems can be tampered with, often
undetectably.

In the UCSB video posted below, the hack of
Sequoia voting system being prepared for use in an entire
county, is done in approximately 3 seconds, by a single
person with simple insider access and a $10 USB thumb drive.
Every machine used in the county, in such a case, would be
effected. Moreover, the viral hack would not be discovered
by pre-election "Logic and Accuracy" testing --- in cases
were election officials actually bother to perform such
tests prior to elections --- nor would it likely be
discovered even in the event of a complete, 100%
post-election audit of the touch-screen "paper-trail"
records.

The hack demonstration, prepared by the UCSB
scientists as part of California's 2007 "Top-to-Bottom Review" of all of the
state's e-voting systems, also reveals how so-called
"security seals" placed on such machines after they've been
programmed for an election, can be easily defeated without
detection...

How
and Why It Was Done...

The landmark California study,
which employed dozens of the world's top computer scientists
and security experts, was commissioned by Sec. of State
Debra Bowen. The first-of-its-kind, independent state
analysis, included hack tests --- so-called, "Red Team"
attacks --- to analyze the security of the e-voting systems.
All of the systems studied were easily defeated by the
testers.

The UCSB group was in charge of the analysis of
voting machines made by Sequoia Voting Systems.

The
methods used in the hack of a Sequoia Edge direct recording
electronic (DRE, touch-screen) system --- a system which
includes the Sequoia Verivote paper-trail printer, as seen
in the video --- were original described in the Red Team security analysis [PDF] of the
Sequoia systems as published by the Secretary of
State.

The video demonstrating the voting system
manipulation was prepared at the same time, but had not been
released publicly until now, despite the UCSB Security Group
having encouraged the Secretary of State's office to do so
for some time. The scientists involved in the tests declined
to speak on the record as to their reasons for releasing it
on their own at this time.

"We found a number of major
flaws that can be exploited to compromise the integrity,
confidentiality, and availability of the voting process,"
explains the UCSB website where the video was
released. "In particular, we developed a virus-like
software that can spread across the voting system, modifying
the firmware of the voting machines."

The page goes on to
explain that "The modified firmware is able to steal votes
even in the presence of a Voter-Verified Paper Audit Trail
(VVPAT)."

In addition to the hack of the paper-trail
touch-screen system, the UCSB scientists also demonstrate,
in the video, how the Sequoia Edge touch-screen voting
system may be accessed and manipulated even after
so-called "security seals" have been applied to the machine
following pre-election programming. The members of the team
in the demonstration are seen access the system, while the
plastic "security seals" are remain undisturbed in the
process.

"Security seals" of this type, as used in
California and elsewhere --- seen being easily defeated in
the video --- have been cited by election officials and
voting machine companies alike as key to the secure use of
electronic voting machines such as the one seen being hacked
in the video above.

E-Voting "Fatally
Flawed"...

"The video shows how one can use a simple
USB key to infect the laptop used to prepare the cards that
initialize the various voting devices. As a result, the
cards are loaded with a malicious software component," UCSB
explains.

"When a card is inserted in a voting terminal,
the malicious software exploits a vulnerability in the
terminal loading procedure and installs a modified firmware,
effectively 'brainwashing' the terminal. Later, when the
terminal is used by the voters to cast their votes, the
firmware uses a number of different techniques to modify the
contents of the ballots being cast"

The UCSB Security
Group page notes that electronic voting systems are
exceedingly vulnerable to malicious manipulation of the type
demonstrated in their video.

"While most critical systems
are continuously scrutinized and evaluated for safety and
correctness, electronic voting systems are not subject to
the same level of scrutiny," they write.

"A number of
recent studies have shown that most (if not all) of the
electronic voting systems being used today are fatally
flawed, and that their quality does not match the importance
of the task that they are supposed to carry out."

The
Latest of Many Such E-Vote Hack Demonstrations...

The
Sequoia Edge system seen being hacked in the video above is
the same type of system on which The
BRAD BLOG had revealed another serious flaw, just days
before the 2006 general election. As we reported at the
time, a yellow button on the back of each voting machine (as
can be seen in the UCSB video as well) can be pressed in
such a way as to put the system into "manual mode," allowing
for an unlimited number of votes to be cast by a single
individual.

The hack demonstration video published by the
California academics wouldn't be the first such video to
detail exactly how an electronic voting system can be hacked
by a single malicious individual. Other notable cases
include:

A 2006 Princeton University study
revealed how to carry out a similar viral attack on a
Diebold touch-screen voting systems, resulting in the spread
of a vote-flipping virus, that would spread from machine to
machine after access to just one of them (DISCLOSURE: The
machine used in Princeton's testing was supplied to us by a
Diebold insider. We then passed it on to the university for
the first such independent study of such a voting
system.)Story here, video demo here...

While the
Princeton scientists also demonstrated how the lock on a
Diebold touch-screen system could be opened with either a
standard hotel mini-bar key --- or even a paper clip in
about 10 seconds time --- another enterprising individual
found he was able to fashion a homemade key that would open
the Diebold system as well. The key was made after modeling
it after a photograph of the key --- the same one is used
for every Diebold machine --- as, incredibly enough, posted
on the company's website. Story
here, video here...

A 2006 HBO
documentary, Hacking Democracy, showed a
paper-based, Diebold optical-scan tabulator being
manipulated in a mock election which flipped the results
reported by the system. That landmark hack disclosed
still-uncorrected security flaws in all Diebold
systems (both touch-screen and optical-scan). The exact same
Diebold, paper-based tabulators were used in last January's
anomalous New Hampshire primary. Video here...

A one-minute
2006 hack demonstration of an e-voting system used in the
Netherlands, shows how a key chip can be replaced in such a
system in just 60-seconds. PDF analysis here, video
here...

"Paper-Trails" Are
Meaningless...

The UCSB demonstration of the Sequoia
Edge with Verivote hack is notable, however, given that many
proponents of electronic voting --- including many Democrats
and their various public interest group supporters, such as
People for the American Way (PFAW), Common Cause, Verified
Voting, NYU's Brennan Center for Justice and others --- have
argued that adding paper-trails (VVPATs) to such systems
would mean that any manipulation of the system would be
discovered during an examination of the paper-trails after
an election. As the video shows, post-election examinations
or audits of touch-screen paper-trail systems hacked in this
way, would not easily --- if at all --- reveal the
manipulation.

Following Bowen's "Top-to-Bottom Review",
touch-screen systems made by Sequoia, Diebold and ES&S were
restricted to use of one-per-precinct only, in order to
marginally meet the disabled-accessible voting requirements
of the federal Help America Vote Act (HAVA). She also
required a 100% hand-count of the paper-trails produced by
such systems, even though the UCSB team found that such
audits would not necessarily catch voting system
manipulation. Many states around the country continue to
allow unfettered use of such hackable voting systems. None,
other than California, require 100% post-election
audits.

A similar DRE system made by Hart InterCivic was
allowed for full use, almost inexplicably, after the
California testing, in two different counties.

Despite the
quickly mounting scientific evidence persuading against the
use of such systems in American elections, Congressman Rush
Holt (D-NJ) and Senator Diane Feinstein (D-CA) have proposed
a number of bills which would allow for the continued use of
touch-screen voting systems with paper-trails. The
Republican caucuses in each chamber have so far stymied all
such legislation, even as they argue in favor of the use of
all such electronic systems, with or without the often
misleading paper-trails.

This is an opportunity for you as one of the 4 million potential funders and recipients of a Universal Basic Income to collectively consider the issue:1. Is UBI is a desirable policy for New Zealand; and2. How should a UBI system work in practice. More>>

The National party has announced its youth justice policy, which includes a controversial plan for recidivist serious youth offenders to be hit over the head with a comically large rubber mallet. More>>

ALSO:

It's been brought to my attention that Labour's new campaign slogan is "Let's do this". A collective call to action. A mission. I myself was halfway out of the couch before I realised I wasn't sure what it was I was supposed to do. More>>

ALSO:

Ordinary citizens have had very few venues where they can debate and discuss as to what they believe has led to the crisis in affordable housing and how we might begin to address this. The HiveMind on affordable housing was about redressing the balance. More>>

ALSO:

This is an opportunity for you as one of the 4 million guardians of our common water resources to help us find mutually agreeable solutions to the critical task of collectively managing these resources for health and sustainability. More>>